summaryrefslogtreecommitdiff
path: root/source4/dsdb
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2011-06-30 14:20:22 +1000
committerAndrew Bartlett <abartlet@samba.org>2011-07-01 10:43:29 +1000
commitf1b1a66615bfceb4d53c11140aceba2412d0ec37 (patch)
treee79e4ffe2abab670f10b0c10dcd63570686e6923 /source4/dsdb
parent1053a24a87f341fcd5578db56bc8b3962e63bb98 (diff)
downloadsamba-f1b1a66615bfceb4d53c11140aceba2412d0ec37.tar.gz
samba-f1b1a66615bfceb4d53c11140aceba2412d0ec37.tar.bz2
samba-f1b1a66615bfceb4d53c11140aceba2412d0ec37.zip
s4-dsdb Allow a servicePrincipalName of machine$
This is pointless, but MacOS X (version 10.6.8 was tested) apparently sets machine$ into this field. Andrew Bartlett
Diffstat (limited to 'source4/dsdb')
-rw-r--r--source4/dsdb/samdb/ldb_modules/acl.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index b6eb56376c..98bf43d21e 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -457,6 +457,12 @@ static int acl_validate_spn_value(TALLOC_CTX *mem_ctx,
bool is_dc = (userAccountControl & UF_SERVER_TRUST_ACCOUNT) ||
(userAccountControl & UF_PARTIAL_SECRETS_ACCOUNT);
+ if (strcasecmp_m(spn_value, samAccountName) == 0) {
+ /* MacOS X sets this value, and setting an SPN of your
+ * own samAccountName is both pointless and safe */
+ return LDB_SUCCESS;
+ }
+
kerr = smb_krb5_init_context_basic(mem_ctx,
lp_ctx,
&krb_ctx);